1. Technical Field
The invention relates to server side session management. A session is defined as the information that the user provides to the host server using any browser for the purpose of carrying out a sequence of related online transactions. More particularly, the invention relates to maintaining easily retrievable backups of a user session in a scalable and performant way on the network so as to continue managing a session even during server failures at web-hosting sites.
2. Description of the Prior Art
Internet usage has exploded over the years and is becoming more and more popular by the day. There has also been a phenomenal increase in online shopping, i.e. e-commerce, with statistics showing that in 1999 there were more online shoppers than all the shoppers in the prior three years put together.
An on-line shopping transaction, which is one of the most significant applications of session management, comprises a number of steps. The purchaser/online shopper begins by visiting multiple sites for research. Then the shopper chooses a particular web site and then within the web site parses through various web pages (links) to narrow down on the particular product. The process ends with the completion of the sales transaction through the input of relevant information required from the purchaser for the purpose.
In this context, session management assumes great significance. In carrying out an on-line transaction, such as a purchase, it is important that the information submitted by the user during the course of an on-line session be stored and be easily retrievable in case of server break down. Thus, a need exists for backing up information and data on a user session, so that the session information does not get lost in case of a server break down, thus not requiring the user to restart the session all over again.
Although a typical session lasts only from a few minutes to hours, the growing number of Internet users has dramatically increased the number of sessions taking place per second. Therefore, a need exists for robust session management methods on the server side to handle the ever-increasing number of sessions and make the overall online experience a pleasant one for the user. Good session management is important because performance is critical.
Good session management involves inter alia restoring the session to the state it was in prior to the failure of the server, thereby not requiring the user to restart the session all over again in case of a server breakdown. There are two main types of session management. One is client side session management and the other is server side session management.
Client Side
1. Session management with cookies
2. Session management using hidden variables within forms
Server Side
1. Session management methods on the server side.
Session management using cookies involves leaving a cookie (block of data) on the PC of the user. This cookie contains information such as the session history, personal information about the user like user name and shopping cart, and any other pertinent information. In the event of disruption of the session due to any reason, such as server failure, the information is stored only in the cookie and the session continues without failure.
Session management using hidden variables within forms involves storing all the information input by the user and transmitting that information also as the user moves from one page to the next. The next form contains the same information input by the user in the first form.
Server side session management methods, broadly speaking, involve storing data about a user session on the network server with which the user is in contact, such a server performing the task of constantly updating and maintaining recent session information. The process begins with the input of data by the user to the server. The server keeps track of the information and maintains a cached copy of session data retrievable for each continuing request. At the same time, such a method proves to be less taxing on the network bandwidth, because the session data does not need to be passed on every request.
Server side session management systems need to be robust, performant and scalable, so as to better address the needs of users and be a reliable system of backup. The backup strategy needs to be efficient so as to come into play immediately on the failure of the primary server so that information about the session gets transmitted to the backup server, which immediately assumes the functions hitherto performed by the primary server that just failed. The speed at which these transactions occur is important so that the user does not experience any discontinuity or disruption, thus ensuring the overall satisfaction of the session for the end user.
There are several methods of server side session management. According to a traditional method of server side session backup, session information from all the different servers on a network is backed up in the database directly.
Netscape Enterprise Server 4.0 (NES), manufactured by Netscape Communications Corporation of Mountain View, Calif. has a server side session management mechanism for session backup on a single machine called the MMapSessionManager. In this implementation each server writes session information to a common file, maintained by MMapSessionManager. Under this implementation, if one of the servers fails, other servers can access the information of the failed server from the Session Manager and thus restore the session seamlessly. Each server is a peer and can handle a request from any user equally.
The main disadvantages to this kind of a system of session management are in the areas of file storage, a single point of failure and scalability. Performance of a session is critical, such performance being dependent upon the session information files being stored locally so that retrieval may be faster. Although storing session backups locally makes retrieval faster and performance efficient, storing all the files locally on one machine, i.e., the MMapSessionManager, means that there is a single point of failure. As a result, the system is ill equipped to overcome an eventuality where the hardware holding the session information fails. In such a situation, the entire session information, which was backed up by the Session Manager, is lost forever with no way to retrieve it whatsoever.
Even in cases where files are stored in a remote file server because efficient or speedy performance is not a critical issue, the system still has a single point of failure as discussed earlier, meaning thereby that if the storage server hardware fails, the session data thus lost becomes irretrievable.
Netscape Application Server (NAS) has a different implementation of safe server-side session management. NAS is an application server and therefore has numerous functionalities such as database access across servers. Server-side session management is an important feature of NAS.
Under NAS, when a user conducts a session with a particular server, all session information is backed up synchronously with both a Master instance as well as a Slave instance. The server conducting the session is given a token to update the session information. If any other server needs to update the session, then the token must be transferred from the owner to the other server through the Master instance.
When the server conducting the session fails, the user is routed to another server, which attempts to attain the token through the Master instance. The Master instance detects that the server which owned the token has failed and grants a new token to the server now conducting the user's session.
Safe server-side session management on NAS is not performant. During updates to the session, the data must be written to the Master instance which in turn updates the Slave, all of which must be done before responding to the user.
Scalability also suffers greatly, because there are only two servers responsible for session backup. The load cannot be distributed among more servers as the number of servers on the network grows.
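The token scheme and synchronous Master/Slave backup described above can be modelled as follows. This is an added illustration, not NAS code: the class and method names, the server names, the session id and the `alive` set standing in for the Master's failure detection are all assumptions.

```python
import copy

class Master:
    """Master instance: token table plus the primary backup copy."""
    def __init__(self):
        self.sessions = {}      # session id -> backed-up data
        self.slave = {}         # Slave instance's copy (same mapping shape)
        self.owner = {}         # session id -> server holding the token
        self.alive = set()      # assumed liveness view; detection is not modelled
        self.writes = 0         # synchronous backup writes performed

    def acquire(self, server, sid):
        """Grant the token if it is free, already held, or its owner failed."""
        holder = self.owner.get(sid)
        if holder in (None, server) or holder not in self.alive:
            self.owner[sid] = server
            return copy.deepcopy(self.sessions.get(sid, {}))
        return None             # live owner: token must be transferred instead

    def transfer(self, sid, new_owner):
        """Hand the token from a live owner to another server via the Master."""
        self.owner[sid] = new_owner
        return copy.deepcopy(self.sessions.get(sid, {}))

    def update(self, server, sid, data):
        """Write Master copy, then Slave copy; only then may the server reply."""
        if self.owner.get(sid) != server:
            raise PermissionError(f"{server} does not hold the token for {sid}")
        self.sessions[sid] = copy.deepcopy(data)
        self.slave[sid] = copy.deepcopy(data)
        self.writes += 2

def demo():
    m = Master()
    m.alive = {"web1", "web2"}             # constructed server names
    cart = m.acquire("web1", "s42")        # new session, empty state
    cart["items"] = ["book"]
    m.update("web1", "s42", cart)          # two writes before responding
    refused = m.acquire("web2", "s42")     # web1 is alive: no token granted
    m.alive.discard("web1")                # web1 fails
    restored = m.acquire("web2", "s42")    # Master re-grants the token
    restored["items"].append("pen")
    m.update("web2", "s42", restored)
    return refused, restored, m.slave["s42"], m.writes

if __name__ == "__main__":
    print(demo())
```

Every update costs two backup writes on the same pair of instances regardless of how many servers conduct sessions, which is the performance and scalability limit noted above.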
Hence, it is evident that a need exists for a mechanism of session management that includes failover servers to take over the load of the failed primary server without compromising speed and performance. Such a system should be scalable so as to meet the growing demands of the e-commerce community. Further, a need exists for a system of session management, which is performant